2. Categories of Personal Data Collected and Processed
2.1 Data which you provide us with directly
Through our various communications with you, you may be required to send us information about you. This information is collected:
when you sign up to receive our newsletter,
when you request information via our online form,
when you respond to online job postings,
at a trade show or other similar events,
This data includes your surname, first name, telephone number, email and postal address, CV, photograph and any other information with which you wish to provide us.
2.2 Data which we collect automatically
Each time you visit our website and Applications, we collect information concerning your connection and browsing if you authorise us to do so. Various technologies may be used to collect this data. The main technology used to collect data is cookies.
2.2.1 How Cookies work
A cookie is a text file sent when you visit a website, application or online advertisement and stored in a specific location on your computer’s hard drive or mobile device. Cookies are managed by your internet browser and only the server that sends a cookie can decide to read or modify the data contained in it.
Cookies have a limited lifespan. They are sent to or stored on your device in compliance with governing legislation and subject to the choices you express, which you can change at any time.
Cookies have several functions, including allowing you to browse effectively on a website or application, remembering your selections, and offering you relevant advertising content that matches your interests based on your browsing history.
Data collected via cookies cannot in any way identify you by name. It is exclusively used for our own purposes in order to improve the interaction and performance of our website and applications, and to provide you with content adapted to your interests. None of this data is communicated to third parties without your prior consent unless required by law, a court order or any administrative or legal authority authorised to access it.
When you visit the MGI website and use our Applications and services, information concerning your browsing history may be stored in cookie files installed on your device, depending on your cookie settings, which you can change at any time. These cookies provide personalised browsing for Users and are also used for analytical purposes. For example, this can include:
The identifiers for the equipment you use (your computer’s IP address, Android identifier, Apple identifier, etc.),
The type of operating system which your device uses (Microsoft Windows, Apple macOS or iOS, Linux, Unix, BeOS, etc.),
The type and version of browser used by your terminal (Microsoft Internet Explorer, Apple Safari, Mozilla Firefox, Google Chrome, etc.),
The dates and times when you connect to our services,
Browsing data on our Applications and website, viewed content,
Use data, for example from web journals, landing and exit pages and URL, the type of platform, the number of clicks, domain names, destination pages, pages and content viewed and the order of these pages, the time spent on each page, the date and time when our Services are used, how often our Services are used, error logs and logs of similar information;
Precise geolocation data which you allow our applications to access.
By default, cookies are not automatically installed (except for cookies needed to run the website and MGI Applications). An information banner placed at the top or bottom of the home page will inform you of cookies as soon as you connect to the MGI website and Applications.
In accordance with applicable regulations, placing and reading cookies on your device requires your prior consent by clicking “I accept”. However, you may configure your browser to block cookies or customise your cookie settings.
According to the French National Data Protection Commission (CNIL), consent is legally valid for no more than 13 months.
2.3 Cookies exempt from consent
According to recommendations of the National Data Protection Commission (CNIL), some cookies do not require your prior consent if they are used strictly to run the website or for the sole purpose of enabling or facilitating electronic communication. These include session identifiers, authentication cookies, cookies used for load balancing and to personalise your interface.
2.4 Persistent cookies
This requirement concerns third-party cookies qualified as “persistent” as they remain on your device until they are erased or until their expiration date.
Since these types of cookies are transmitted by third parties, their use and placement is subject to their own confidentiality policies which can be consulted via the link below. This family of cookies includes social media cookies (particularly Facebook, YouTube, Twitter and LinkedIn).
Social media cookies are placed and managed by the social network publisher in question. These cookies are subject to your consent and allow you to easily share some of the content from the MGI website, particularly via a “share button” depending on the social media network in question. Four types of social media cookies are used on the MGI website:
2.5 Various tools for configuring cookies
Most internet browsers are configured by default to enable cookies. Your browser allows you to change these default settings so that all cookies are automatically blocked or so that only some cookies are enabled or blocked depending on who places them.
You can block cookies by configuring your browser as follows :
For Chrome :
On your computer, open Chrome.
At the top right, click More.
Click “More tools” “Clear browsing data”.
At the top of the page, select a time range. …
Click the boxes for “Cookies and other site data” and “Cached images and files”.
Click “Clear data”.
For Mozilla Firefox :
Choose “Menu” then “Options”
Select the “Privacy & Security” panel
Go to the “Cookies and Site Data” menu and select your preferred options
For Microsoft Internet Explorer :
Choose the “Tools” menu then “Internet Options”
Click on the “Privacy” tab
Use the slider to select the privacy level.
For Edge :
Go to “Settings”
Under “Clear browsing data”, select “Choose what to clear”
Select the check box next to each data type you’d like to clear, and then select “Clear”.
For Opera :
Please be advised that blocking cookies may alter your user experience and your access to certain services or functions on MGI’s website and applications.
For more information on managing cookies, please consult the CNIL website: https://www.cnil.fr/en/home and the “Vos traces” section on the French website of the CNIL (National Data Protection Commission),
2.6 Google Analytics
To optimise information with our clients and to design our Web pages effectively, MGI uses Google Analytics. For this, only access data without personal data references are stored, such as the browser type and version, the operating system used, the referrer URL, the anonymised IP of the requesting computer and the date and time of the query.
The data generated by cookies concerning your use of our website will be transmitted to and stored on Google’s servers in the United States. Google will use this data to assess your use of the website, compile website activity reports and provide other services linked to the website’s activity and internet use.
This data is assessed for the sole purposes of improving our services and for statistics.
2.7 Opting out of data collection
You may prevent Google from collecting data generated by cookies and data related to your use of our website (including your IP address) and prevent Google from processing this data by downloading and installing their Opt-out Browser Add-on, available at:https://tools.google.com/dlpage/gaoptout
By using our website, you expressly consent to Google processing your data for the purposes described above.
2.8 Demographics in Google Analytics
Our website uses the Google Analytics Demographics feature. Reports on the age, gender and interests of website visitors may therefore be produced. This data cannot be attributed to a specific person. You can deactivate this function at any time via your Google account settings or prevent your data from being used by Google Analytics as described in Section 2.7.
3. Purposes of collecting and processing Personal Data
The Personal Data of Users is collected and processed according to well-defined and specific purposes. The main purpose of collecting personal data is to provide a safe, optimised, efficient and personalised experience. You can therefore allow us to use your personal data so that we can:
Provide and manage our services and ensure that they run properly;
Analyse when and how often you use our services and applications;
Communicate with Users and improve the quality of our services, i.e. answer your questions and give you news updates;
Manage your job applications with Recruiters;
Prevent, detect and investigate any activities that are potentially prohibited and illegal or in violation of best practice, and ensure compliance with our general terms of service;
Comply with our legal and regulatory obligations.
Any use of Personal Data for reasons other than those stated above in our Privacy Rules requires your express consent.
No Personal Data is sold to third parties for marketing or other purposes.
Is your data transferred outside the European Union?
4. Personal data security and privacy
As a data controller, we implement appropriate technical and organisational measures in compliance with applicable law in order to protect your personal data against alteration, accidental or unlawful destruction or loss, or unauthorised use, disclosure or access. MGI has therefore employed appropriate measures to protect the integrity, privacy and security of Personal Data, including:
Appointing a data protection officer;
ISO 27001 certification;
Creating a special committee for the security of information systems;
Informing employees who have access to your personal data about privacy requirements;
Securing access to our offices and IT platforms;
Using data encryption;
Implementing a security policy;
Implementing appropriate electronic, physical and management procedures in order to safeguard and protect collected data;
Securing access to, the sharing and transfer of data;
The high level of security standards we require in terms of data protection when choosing our sub-contractors and partners;
Auditing our sub-contractors;
Networks of secure data protected by firewall and password-protected systems which meet applicable standards;
In the event that you are impacted by a security breach, MGI will inform you as soon as possible and do everything in its power to take all available measures to neutralise the intrusion and minimise its impacts. Should you suffer damage due to a security breach because of a third-party, MGI will provide you with all necessary assistance to enable you to exercise your rights.
Any user, client or hacker who discovers and exploits a security vulnerability may be punishable by law and MGI will take all measures, including filing a complaint and/or initiating legal action, in order to protect its data and rights and those of its users, and limit the impacts of the security breach.
5. SSL and TLS protocols on the MGI website
The website https://www.mgi-ci5.com/en/ci5/ and MGI applications use the SSL or TLS protocol for increased security and to protect the transfer of confidential content. An encrypted connection can be identified by:
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
6. Restricted access to personal data and how long this data is stored
Access to personal data is strictly limited to employees who need to access it in order to process it. These employees are subject to strict confidentiality obligations..
We do not retain personal data beyond the length of time required for the purposes for which it was collected in accordance with applicable legal and regulatory restrictions. In particular:
- Data collected via a form or at a trade show are kept for 3 years,
- Job application data is kept for 2 years,
- Cookies are stored for 13 months.
In any case, we review the information we store on a regular basis. We securely delete your data when we no longer have reason to keep it for legal or business needs or to manage your account, or if you exercise your right to modify or erase it.
If you exercise your right to object to the processing of your personal data, we will securely erase your personal data which we process for purposes which you object to as quickly as possible unless there is another legal basis for processing and retaining your data or if we are required by law to retain it.
7. Data Protection and Freedoms
Under the EU General Data Protection Regulation 2016/679 (GDPR), you have the following rights concerning your Personal Data, which you may exercise by writing to the address provided in Section 9.
You have the right to access Personal Data about you.
However, due to our obligation to protect the security and privacy of personal data, please be informed that we may only address your request if you provide proof of your identity.
To assist you, particularly if you wish to exercise your right to access your personal data via a written request sent to the postal address provided in Section 9, the following link provides a letter template prepared by the CNIL: https://www.cnil.fr/fr/modele/courrier/exercer-son-droit-dacces
Under this right, legislation allows you to request the rectification, update, restriction or erasure of your personal data if it is inaccurate, wrong, incomplete or obsolete.
To assist you, particularly if you wish to exercise your right to rectify your personal data via a written request sent to the postal address provided in Section 9, the following link provides a letter template prepared by the CNIL: https://www.cnil.fr/fr/modele/courrier/rectifier-des-donnees-inexactes-obsoletes-ou perimees
This right can be exercised to prevent collected data from being used for marketing purposes.
To assist you, particularly if you wish to exercise your right to object via a written request sent to the postal address provided in Section 9, the following link provides a letter template prepared by the CNIL: https://www.cnil.fr/fr/modele/courrier/supprimer-des-informations-vous-concernant-dun-site-internet
8. Response time
MGI will respond to your request for access, rectification or to object or for any other requests for information within a timely manner that will not exceed 30 days from receipt of your request.
9. Contact information and data protection officer